Decommissioning Windows Server 2012 Domain Controller

As you know, Windows Server 2012 is completely new operating system. These days, the main point from domain administrator point of view is to install and promote server as Domain Controller based on that system. That’s fine and this is obvious reason 🙂 but what if, in some case, we would like to decommission it? How we can do that?

The first thing you can think of is dcpromo command. Generally, that’s true but remember, in Windows Server 2012 dcpromo cannot be used to promote/demote Domain Controller over regular way. Oh, what a big shame :/ what can I do to decommission Windows Server 2012 Domain Controller ?

The answer is simple…

… just use the new Windows Server Manager version. Thanks to that tool, you are able to decommission DC in few simple steps. Just take a look at below steps to fulfill the requirement

Log on to Domain Controller based on Windows Server 2012 and run Server Manager or wait until it will show up (if you did not change its default startup mode). Then you need to decide if you wish to decommission currently logged on DC or any other (remote DC). In case that you want to decommission remote Domain Controller just select “All servers” node in Server Manager and choose DC from the list of available servers

Selecting DC to decommission

if not, just stay in “Local Server” node. Now, it is time to start decommissioning Domain Controller. To do that, you need to “Manage” and select “Remove Roles and Features” option

Removing AD:DS role

When you run that option, you will see a window with all installed roles on a server but before that you would be able to change the server to demote (if you decided to choose another one in the meantime)

All roles available on a server

To start decommissioning DC, just unselect “Active Directory Domain Services” role and confirm uninstallation for all related features

Removing AD:DS role and features

When you confirm that, you will be informed that this option is not possible until current server is Domain Controller. In a window you would see a link to start server decommission process. Click on it and you will see a wizard responsible for DC removal

Starting decommission process

Now, you are in the first step known from dcpromo. This wizard is similar to the previous one but you can find there some new options. One of them is force DC removal which previously was available only when you ran “dcpromo /forceremoval” switch. This is also possible in Windows Server 2012 to use dcpromo with /forceremoval switch to forcefully decommission DC. But hey, this is new OS, let’s start using the new way for that 🙂

Options for DC decommission process

As you can see in that window, there is new feature for forceful AD:DS role removal. You can do that from GUI now, you don’t need to run dcpromo with separate switch for that.

Important! Do not select option “Last domain controller in the domain” unless it is really decommission for the last DC. You would corrupt your AD environment.

When you are demoting DC, you need to be logged on with appropriate privileges. In case that you do not use an account which allows DC decommission, you may specify it during that process. Click on “Change” button and provide appropriate account.

Selecting account for DC decommission process

Now, you are ready to start removing AD: DS role but you cannot do that without selecting “Proceed with removal” checkbox. This feature prevents from accidental Domain Controller decommission. To start process, select mentioned checkbox and press “Next” button.

Initiating decommission process

When you are decommissioning DC which is not the last one, just press “Next”, do not select any zones or application partitions to remove.

Initiating decommission process

At this step, you need to configure a password for local administrator account which was unavailable on a server as it was Domain Controller where local accounts do not exist